OTL logfile created on: 09/30/2011 3:18:50 AM - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Rahne\Desktop\VirusScanners Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy 1014.36 Mb Total Physical Memory | 390.56 Mb Available Physical Memory | 38.50% Memory free 2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.38% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 52.71 Gb Total Space | 30.23 Gb Free Space | 57.36% Space Free | Partition Type: NTFS Drive D: | 53.20 Gb Total Space | 36.84 Gb Free Space | 69.25% Space Free | Partition Type: FAT32 Computer Name: ACER-47CBE8A5E | User Name: Rahne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/09/30 03:12:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rahne\Desktop\VirusScanners\OTL.exe PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/07/22 06:29:14 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Rahne\Local Settings\Temp\RtkBtMnt.exe PRC - [2010/06/07 05:17:40 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/17 12:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2007/07/12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe PRC - [2007/07/11 14:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007/05/28 15:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/03/02 11:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe PRC - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/09/29 16:56:54 | 001,579,520 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11092902\algo.dll MOD - [2011/09/29 12:00:00 | 000,212,640 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11092902\aswRep.dll MOD - [2010/11/14 11:49:19 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_10333b28\mscorlib.dll MOD - [2010/11/14 11:49:14 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_42caa236\system.drawing.dll MOD - [2010/11/14 11:49:06 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_2148e9db\system.xml.dll MOD - [2010/11/14 11:48:54 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d8012a2e\system.windows.forms.dll MOD - [2010/11/14 11:48:42 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_42929559\system.dll MOD - [2010/11/14 11:48:31 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2010/11/14 11:48:30 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2010/06/07 05:17:40 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009/11/19 22:02:22 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll MOD - [2009/08/27 04:24:26 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sst2cl3.dll MOD - [2007/12/11 11:35:28 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll MOD - [2007/08/07 16:47:46 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2007/08/07 16:47:46 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2007/08/07 16:47:46 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2007/08/07 16:47:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2007/08/07 16:47:46 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll MOD - [2007/08/07 16:47:44 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe MOD - [2007/05/28 15:30:30 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll MOD - [2007/04/06 01:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2003/06/07 15:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\WINDOWS\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server) SRV - [2008/04/14 05:42:06 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Sens32.dll -- (SENS) SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009/07/13 03:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp) DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/09/30 10:40:24 | 000,050,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007/12/10 17:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport) DRV - [2007/12/10 17:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport) DRV - [2007/12/10 17:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2007/05/30 22:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/02 05:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007/03/09 14:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/02/16 17:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd) DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd) DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) [2009/11/24 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rahne\Application Data\Mozilla\Extensions [2009/11/24 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rahne\Application Data\Mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2011/09/23 22:15:40 | 000,436,898 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15053 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..Trusted Domains: phoenix.edu ([]* in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212171958234 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280258516281 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (Reg Error: Key error.) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab (Playtime Games Launcher) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B535B69-FE10-48AC-8D5D-53572E7DCE44}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\ACERTX.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\ACERTX.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (aswBoot.exe /M:1a0808ee4) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SENS - C:\WINDOWS\system32\Sens32.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/09/30 03:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Desktop\VirusScanners [2011/09/30 01:33:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2008/05/30 23:38:01 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe [2008/05/30 23:34:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll [2008/05/30 23:34:10 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/09/30 03:24:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/09/30 03:22:41 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71319A2C-2F1A-48C7-99C5-44D4C34B9C14}.job [2011/09/30 02:27:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/09/30 02:26:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/09/30 02:22:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/09/30 02:22:48 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys [2011/09/23 22:15:40 | 000,436,898 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/09/23 10:04:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/09/22 23:27:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/09/21 20:04:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011/09/06 15:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/07/22 05:49:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/07/22 05:49:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/07/22 05:49:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/07/22 05:49:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/07/22 05:49:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/06/02 20:47:03 | 000,011,997 | ---- | C] () -- C:\Documents and Settings\Rahne\Application Data\SmarThruOptions.xml [2011/06/02 20:46:10 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2011/06/02 20:46:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll [2011/06/02 20:41:52 | 000,490,600 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011/06/02 20:41:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2011/06/02 20:40:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\sst2cl3.dll [2011/06/02 20:35:29 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2011/06/02 20:35:29 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2011/06/02 20:35:29 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2011/06/02 20:35:29 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2011/06/02 20:35:29 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2011/01/23 13:47:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini [2011/01/16 22:33:32 | 000,074,856 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/12/18 19:42:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010/03/06 23:29:09 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/19 22:02:46 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2009/11/19 22:02:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2009/11/19 22:02:22 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2008/12/24 15:06:36 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat [2008/06/15 17:21:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/06/14 11:22:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\fusioncache.dat [2008/05/30 23:38:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys [2008/05/30 23:37:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2008/05/30 23:37:08 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll [2008/05/30 23:36:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll [2008/05/30 23:34:11 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll [2008/01/23 03:03:44 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini [2007/08/07 18:40:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/08/07 18:40:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/08/07 17:49:16 | 000,483,592 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/08/07 17:49:16 | 000,080,830 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/08/07 17:44:08 | 000,335,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/08/07 16:43:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2007/08/07 16:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2007/08/07 16:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2007/08/07 16:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2007/06/05 18:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll [2007/06/05 17:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/05/28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2007/05/28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2007/05/28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll [2007/03/22 20:59:10 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin [2007/01/04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys [2006/08/01 17:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006/03/10 16:18:16 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/08/17 15:22:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/17 15:19:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 22:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/05/14 15:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe [2003/11/24 17:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll [2003/11/24 17:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll [2002/09/13 15:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/13 15:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2009/01/27 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton [2010/07/14 09:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/12/01 21:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2008/06/25 22:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime [2009/05/15 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2009/11/03 22:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut [2010/05/24 18:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/01/27 19:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Ableton [2011/07/16 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Amazon [2011/02/12 08:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\FrostWire [2009/11/19 22:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\pdf995 [2009/12/01 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\TaxCut [2009/09/27 16:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\W Photo Studio Viewer [2010/07/27 16:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Windows Search [2011/07/17 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trav\Application Data\Windows Desktop Search [2011/09/30 03:22:41 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{71319A2C-2F1A-48C7-99C5-44D4C34B9C14}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2004/08/04 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/04 22:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/04 22:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< C:\Windows\assembly\tmp\U /s >[/color] < End of report >